Unable to load RSA public key for signature verification
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Apr 13 17:49:09 UTC 2023
On Thu, Apr 13, 2023 at 05:28:34PM +0000, Michael Wojcik via openssl-users wrote:
> > int main() {
> > constexpr auto pubKey = "-----BEGIN PUBLIC KEY-----\n"
>
> A quick look at the source shows PEM_read_RSAPublicKey wants
> PEM_STRING_RSA_PUBLIC, which is "RSA PUBLIC KEY". So that function
> only supports PEM objects with the start line
> "-----BEGIN RSA PUBLIC KEY-----".
Yes, that's the issue.
> OpenSSL supports multiple PEM formats for RSA keys. I'm trying to
> recall the details -- I think there's an old OpenSSL format and a
> later standard format, maybe?
There's an RSA algorithm-specific legacy format an an algorithm-neutral
preferred format (X.509 SPKI).
> Try PEM_read_RSA_PUBKEY instead.
No, just use PEM_read_PUBKEY(), and use algorithm-neutral APIs that
will work equally well with RSA, ECDSA, Ed25519, ...
--
Viktor.
More information about the openssl-users
mailing list